just another infosec blog

HTTPS is DROWNING

Did you know that 33% of all HTTPS servers are vulnerable to a bug named DROWN? Yup – they totally are. DROWN is a new cross protocol bug targeting HTTPS and TLS/SSL enabled services. It was made known in early March 2016 and the acronym stands for “Decrypting RSA with Obsolete and Weakened eNcryption”.

Dude! There’s a bug in my code spaghetti!

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, blackmails or financial data. This can be done by exploiting vulnerabilities in the SSLv2 protocol by combining technical observations of handshakes, repetitive SSLv2 connections to the server and number crunching. It is worth noting that the decryption occurs gradually and sequentially per server connection and that this will require thousands of requests to the server in order to succeed. The attacks will therefore appear in the server logs if logging is enabled.

Basically, all servers that allow both TLS and SSLv2 connections are vulnerable. All servers where private RSA keys and certificates are being reused on other hosts that support SSLv2 are also vulnerable. E.g. reuse on both Web and e-mail server and wherever Wildcard certificates are used.

My best advice to stay safe is to update the SSL/TLS software to current version. Running updated software is considered the golden rule. I would
also recommend turning off SSLv2 support. SSLv2 is an old protocol that was released back in 1995 and got discarded in 2011 – but is still being actively used. Stop any reuse of certificates and RSA keys – start using dedicated certificates on each host. Finally, enable logging and put up monitoring on it! Oh. Also, do not underestimate the powers of having an updated vulnerability scanner at hand.

To me DROWN came as no surprise since I have been hosting and observing servers for years. Support for weak cipher suites, un-patched or outdated SSL/TLS software, support for old protocols like SSLv2 and SSLv3, certificates issued by unknown CA, self signed certificates and certificates using weak signing algorithms are kinda normal. And last, known vulnerabilities like BEAST, FREAK, POODLE and HeartBleed. The state of HTTPS configuration out there isn’t great and frankly, a bit sad. But remember, you are not alone being vulnerable.